Ramblings of this guy you know!

Tech Stuff and random observations on life as I see it….

Tag Archives: Mac Defender

It Bites: MACdefender Trojan on Macs

Back on the 9th of May I wrote an article warning about the MACdefender Trojan. Back then I said that it was one that would catch the unwary… How wrong was I? It would appear that people are falling for this one left, right and center. In fact it would seem that Mac users, smug for so long that viruses weren’t their problem and asked to input their admin password so often, don’t recognise the danger signs when they come along. Conversely, research is indicating that Windows users, who have been bashed and battered so regularly with attacks, are becoming much more security conscious these days.


I take a week off work and the Internet went to heck on a handcart

This stuff all happened around about the Easter weekend but I took a week and a bit off and I am only getting round to chatting about it now. So I guess this is a bit of tech news from yesterday. If you haven’t heard about this stuff, where have you been?

PSN Network
Even as I write this, the PSN network is still down after having been out of action since the 20th April. It was due back online on the 8th but may end up having to wait as long as the end of the month before access is re-instated.

The system went down after an intrusion was detected by Sony and they took the whole system offline. The news from Sony was slow to come out to users and there were some days of speculation as to the cause of the problem. It was suggested that the hacker group Anonymous was responsible, though they have since denied it was them as a group but couldn’t rule out an individual’s actions.

Finally it was announced that Sony’s system was not patched and up to date, that their user database was definitely compromised, and that users’ credit card information may also have been exposed. The user database was not encrypted, which is bad enough; at least, thankfully, the credit card information was. Users were advised to change their online passwords if they use the same password on all their accounts.

Official company statement:

“While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility, if you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.”

The next announcement stated that they were rebuilding the system from the ground up and that it would take a couple of days to get it up and running, but work on this was probably delayed when there was a hack on the Sony Entertainment site as well. There was also news that they were moving the servers, so was the breach possibly internal rather than external?

This is going to cost Sony big time to get this sorted, not just in a monetary sense but in reputation too. Game developers will also question whether they can trust Sony’s online system to keep them in their comfy profit margins. Gamers are of course suffering the most in this from a lack of access. Will this cause a shift of PS3 users to XBOX to get their online gaming fix?

Amazon EC2 downtime
On the 21st April 2011, Amazon EC2 storage went down across the US. (Most press coverage stated that the problem was with the North Virginia availability zone, but in truth it affected other zones initially before being confined to Virginia.) In probably the biggest Cloud outage story to date, the Cloud doubters and haters and the press leapt on this story. During this outage several high profile sites, as well as many individuals, were unable to provide their services.

If you want to read the technical summary Amazon published visit here

In summary (and hopefully in English), what happened was essentially a network failure on the high speed link used for storage replication, forcing these requests down a much slower link. Due to the volume of requests, the replication state got pushed into a queued looping state, which they technically called “stuck”, where unsynchronised volumes knew they were unsynchronised and pushed out another request to re-synchronise. While in this “stuck” state, no information could be read from or written to the affected services. After 3 hours’ work, the engineers confined the problem to one zone. After that there were a lot of technical updates (but no real information) stating that they had fixed more volume problems, and while many services were restored before then, it took Amazon until the 29th April to conclude all the works, release all the stuck volumes and release the full summary of the problem.

I personally cannot hold Amazon totally to blame for this. If they are guilty of anything (and this is the same the world over with engineers and techs) it is the communication of the problem to the users of the system. Either the information was techno babble or the engineers were busy trying to fix the problem rather than talk about it.

Just as I close out, think on this… According to the movie Terminator, Skynet went online on the 19th April 2011… On the 21st April 2011, Amazon lost its EC2 storage… Those dates are too coincidental…

Hopefully by now, you will have upgraded the iOS version on your iPhone/iPod/iPad to the latest 4.3.3, whereupon all I mention below is entirely irrelevant. If you haven’t upgraded, here’s why you should. It starts with Apple but moves beyond as the media coverage heats up. In my own humble opinion, I feel that this story was hyped beyond all reality, but it caused heightened responses in some and ‘meh’ in others.

It all starts off when some researchers’ material that has been known about in forensic circles since 2010 becomes more public. This lets everyone know that there is a file on iOS devices called consolidated.db that holds geolocation data that has been gathered from cell towers and wifi stations the phone has visited. Furthermore, this file is backed up to the desktop when the device is synchronised.

This raises the following opportunities for your location data to fall into others’ hands:

  • If your device is stolen or lost
  • If your desktop is compromised
  • If you have jailbroken your device and not changed the default root password.

The answer to all of these is to simply increase your security by doing some or all of the following:

  • Upgrade to 4.3.3; the option to switch off notifications does stop collecting data as it should and deletes the cache on the device.
  • Set up a passcode on your device if you have not done so already.
  • Encrypt your iTunes backups so the content cannot simply be read
  • Secure your laptop with password security for login and return from screen saver. This is of course a hindrance to usage but if it protected your data, is it not worth it?
  • If you are using a jailbroken device, make sure it is secured with the root password changed from the default.
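
To check the "encrypt your iTunes backups" item on the list above, here is a small audit script, added as an example and not part of the original post. It assumes the default Mac backup folder and the `IsEncrypted` flag that iTunes writes into each backup's `Manifest.plist`; neither is mentioned in the post, and the sample backups it builds are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Default iTunes backup folder on a Mac (assumption; not stated in the post).
DEFAULT_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


def audit_backups(root):
    """Return (backup_name, status) pairs, sorted by name, for backups under root.

    status is 'encrypted', 'UNENCRYPTED' or 'unreadable'.
    """
    results = []
    root = Path(root)
    if not root.is_dir():
        return results
    for backup in sorted(p for p in root.iterdir() if p.is_dir()):
        try:
            with (backup / "Manifest.plist").open("rb") as fh:
                data = plistlib.load(fh)  # handles XML and binary plists
        except Exception:  # missing, truncated or malformed manifest
            results.append((backup.name, "unreadable"))
            continue
        # A missing flag counts as unencrypted: fail towards the warning.
        encrypted = isinstance(data, dict) and data.get("IsEncrypted") is True
        results.append((backup.name, "encrypted" if encrypted else "UNENCRYPTED"))
    return results


def build_sample_root():
    """Create constructed sample backups so the audit can be tried offline."""
    root = Path(tempfile.mkdtemp(prefix="sample-backups-"))
    samples = {"sample-device-a": {"IsEncrypted": True},
               "sample-device-b": {"IsEncrypted": False},
               "sample-device-c": {}}  # manifest without the flag
    for name, manifest in samples.items():
        (root / name).mkdir()
        with (root / name / "Manifest.plist").open("wb") as fh:
            plistlib.dump(manifest, fh, fmt=plistlib.FMT_BINARY)
    (root / "sample-device-d").mkdir()  # backup folder with no manifest
    return root


if __name__ == "__main__":
    root = DEFAULT_ROOT if DEFAULT_ROOT.is_dir() else build_sample_root()
    for name, status in audit_backups(root):
        print(f"{status:12} {name}")
```

Any backup reported as UNENCRYPTED still holds a readable copy of consolidated.db on the desktop, so it is worth re-creating with encryption switched on and deleting the old one.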

It should be noted that Apple stated that no data was ever used to identify an individual’s movements but rather that crowdsourced anonymised data was sent back to widen the network’s awareness of where cell towers and wifi spots are, to speed up the pinpointing of location data. Many cried that Android did not do the same data collection but it was quickly stomped on by Apple when they stated that they don’t track people but Google does.

With both companies, all they collect is in the terms of service that you agree to or agree that your location data will be shared… However, I do think that they could bring this information to users in much better ways to prevent misunderstandings like this.

Now, the American Congress is taking an interest in the information gathering of these two giants… Interesting to see how that will change our mobile landscape in the future.

Dropbox security issues
There have been a couple of security alerts I have picked up on the Dropbox system. The first issue is in the change of TOS for users and the less-encrypted-than-you-thought file system. The second issue was around client connectivity where someone could hijack your account without your password. I have produced a separate blog posting on this one and it can be found here.

MAC Defender virus
Not the first of its kind but one that is receiving a lot of media attention. It is there to trap the unwary and less savvy user. Find out more here.
